Hardware

Authentication and Access Control

• Support for 802.1X authentication.

  [See 802.1X Authentication.]

• Support for captive portal authentication.

  [See Captive Portal Authentication.]

Chassis

• Software support for platform infrastructure, fan, and power management.

• Support for Cloud LED (CLD).

  [See EX4400 Chassis.]

Class of Service

• Support for class-of-service (CoS) configuration.

  [See Class of Service User Guide (EX Series Switches Except EX4600 and EX9200 Switches).]

EVPN

• Support for the following Layer 2 VXLAN gateway features in an EVPN-VXLAN network:

  • Active/active multihoming

  • Proxy Address Resolution Protocol (ARP) usage and ARP suppression, and Neighbor Discovery Protocol (NDP) usage and NDP suppression on interfaces without integrated routing and bridging

  • Ingress node replication for broadcast, unknown unicast, and multicast (BUM) traffic forwarding

  [See EVPN Feature Guide.]

• Support for Layer 2 VXLAN gateway services in an EVPN-VXLAN network:

  • 802.1X authentication, accounting, central Web authentication (CWA), and captive portal

  • Class of service

  • DHCPv4 and DHCPv6 snooping, dynamic ARP inspection (DAI), neighbor discovery inspection, IP source guard and IPv6 source guard, and router advertisement (RA) guard (no multihoming)

  • Firewall filters and policing

  • Storm control, port mirroring, and MAC filtering

  [See EVPN Feature Guide.]

• Support for the following Layer 3 VXLAN gateway features in an EVPN-VXLAN network:

  • Default gateway using IRB interfaces to route traffic between VLANs

  • IPv6 data traffic routing through an EVPN-VXLAN overlay network with an IPv4 underlay

  • EVPN pure Type 5 routes

  The Virtual Chassis doesn’t support EVPN-VXLAN multihoming, but you can use the standalone switch as an EVPN-VXLAN provider edge (PE) device in multihoming use cases.

  [See EVPN Feature Guide.]

• Support for VXLAN-GBP—The EX4400-24X model supports the existing Layer 3 VXLAN network identifiers (VNI) in conjunction with firewall filter policies to provide microsegmentation at the level of a device or a tag, independent of the underlying network topology. IoT devices, for example, typically need access to only specific applications on the network. Group-based policy (GBP) keeps this traffic isolated by automatically applying security policies without the need for Layer 2 (L2) or L3 lookups or access control lists (ACLs).

  [See Example: Micro and Macro Segmentation using Group Based Policy in a VXLAN.]

High Availability and Resiliency

• Support for high availability includes nonstop software upgrade (NSSU), GRES, nonstop bridging (NSB), and nonstop active routing (NSR).

  [See High Availability User Guide.]

• Resiliency support for inter-integrated controller (I2C), disk failure, and disk health.

  [See High Availability User Guide.]

Interfaces

• Network interfaces support— Support for the following features:

  • 24x10G SFP fixed ports

  • 2x100G network ports, which can be converted to VC ports and vice versa

  • 4x25G modular uplink with VC port conversion support

  • 4x10G modular uplink

  • 1x100G modular uplink with VC port conversion support

  • OAM based resiliency

• Supported transceivers, optical interfaces, and DAC cables—Select your product in the Hardware Compatibility Tool to view supported transceivers, optical interfaces, and direct attach copper (DAC) cables for your platform or interface module. We update the tool and provide the first supported release information when the optic becomes available.

Junos Telemetry Interface

• Flow-based telemetry, inline monitoring services, and secure packet capture to the cCloud using Junos telemetry interface (JTI).

  [See Guidelines for gRPC and gNMI Sensors (Junos Telemetry Interface), Flow-Based Telemetry (EX4100, EX4100-F, and EX4400 Series), Inline Monitoring Services Configuration, and Telemetry Sensor Explorer.]

Layer 2 features

• Support for the following Layer 2 features:

  • Bridge protocol data unit (BPDU) protection

  • Ethernet ring protection switching (ERPS)

  • IEEE 802.1p

  • Resilient hashing on LAGs

  • Layer 3 VLAN-tagged subinterfaces

  • LLDP (IEEE 802.1AB)

  • Loop protection

  • MAC address accounting

  • MAC address aging

  • MAC address filtering

  • Disable MAC learning

  • Multiple Spanning Tree Protocol (MSTP) (IEEE 802.1s)

  • Multiple VLAN Registration Protocol (MVRP) (IEEE 802.1ak)

  • Persistent MAC (sticky MAC)

  • Per VLAN MAC learning (limit)

  • Port-based VLAN

  • Proxy ARP

  • Redundant trunk group (RTG)

  • Root protection

  • Routed VLAN interface (RVI)

  • Rapid Spanning Tree Protocol (RSTP) (IEEE 802.1w)

  • Static and dynamic link aggregation with LACP (fast and slow LACP)

  • Static MAC address assignment for interface

  • Storm control

  • STP (IEEE 802.1D)

  • Uplink failure detection

  • VLAN

  • VLAN—IEEE 802.1Q VLAN trunking

  • VSTP

  [See Ethernet Switching User Guide, Security Services Administration Guide, and Spanning-Tree Protocols User Guide.]

Layer 3 features

• Support for the following Layer 3 features:

  • 32-way ECMP

  • BFD (for RIP, OSPF, IS-IS, BGP, and PIM)

  • BGP 4-byte ASN support

  • BGP Add Path (BGP-AP)

  • Filter based forwarding (FBF)

  • IP directed broadcast traffic forwarding

  • IPv4 BGP

  • IPv4 multiprotocol BGP (MBGP)

  • IPv4 over GRE

  • IPv6 BGP

  • IPv6 CoS (BA, classification and rewrite, scheduling based on traffic class)

  • IPv6 IS-IS

  • IPv6 Neighbor Discovery Protocol (NDP)

  • IPv6 OSPFv3

  • IPv6 ping

  • IPv6 stateless auto-configuration

  • IPv6 static routing

  • IPv6 traceroute

  • IS-IS

  • OSPFv2

  • Path MTU discovery

  • RIPv2

  • Static routing

  • Unicast reverse path forwarding (unicast RPF)

  • Virtual router for IS-IS, RIP, OSPF, and BGP

  • Virtual Router Redundancy Protocol (VRRP)

  • VRRPv3

  [See High Availability User Guide, BGP User Guide, Routing Policies, Firewall Filters, and Traffic Policers User Guide, IS-IS User Guide, Security Services Administration Guide, and OSPF User Guide.]

Multicast features

• Support for the following multicast features:

  • IGMP snooping

  • IGMP: version 1 through version 3

  • Multicast Listener Discovery (MLD) snooping

  • PIM-SM, PIM-SSM, PIM-DM

  [See Multicast Protocols User Guide.]

Network Management and Monitoring

• Support for the following Ethernet OAM link fault management (LFM) and CFM features:

  • Monitor faults by using the continuity check message (CCM) protocol to discover and maintain adjacencies at the VLAN or link level.

  • Discover paths and verify faults by using the Link Trace Message (LTM) protocol to determine the path taken from an endpoint to a destination MAC address.

  • Isolate faults by using loopback messages.

  [See Ethernet OAM and CFM for Switches and OAM Link Fault Management.]

• Support for local and remote port mirroring, and remote port mirroring to an IP address (GRE encapsulation).

  [See Port Mirroring and Analyzers.]

• Support for the sFlow network monitoring technology.

  [See sFlow Monitoring Technology.]

• Support for Juniper Mist Wired Assurance—You can automatically onboard and provision Juniper Networks EX4400 switches to the Juniper Mist cloud by using a single activation code. Juniper Mist Wired Assurance provides automated operations. It also enables the use of service-level expectations (SLEs) for IoT devices, Juniper access points driven by Mist AI, and other network devices.

  [For an overview of Juniper Mist Wired Assurance and deployment instructions, see Cloud-Ready Switches with Mist and Overview of EX Series Switches and the Juniper Mist Cloud.]

Precision Time Protocol

• Support for Precision Time Protocol (PTP) transparent clock.

  [See PTP Transparent Clocks.]

Routing Policies and Firewall Filters

• Support for firewall filters and policers.

  [See Firewall Filters Overview.]

Security

• Support for Media Access Control Security (MACsec) with 256-bit cipher suite.

  [See Understanding Media Access Control Security (MACsec).]

• Support for distributed denial-of-service (DDoS) protection.

  [See Control Plane Distributed Denial-of-Service (DDoS) Protection Overview.]

• Support for the following port security features:

  • DHCP snooping (IPv4 and IPv6)

  • Dynamic ARP inspection (DAI)

  • IPv6 neighbor discovery inspection

  [See Security Services Administration Guide.]

Software Installation and Upgrade

• Support for secure boot. The implementation is based on the UEFI 2.4 standard.

  [See Software Installation and Upgrade Guide.]

• Support for phone-home client (PHC). The PHC can securely provision an EX4400 Virtual Chassis without requiring user interaction.

  [See Provision a Virtual Chassis Using the Phone-Home Client.]

• Support for zero-touch provisioning (ZTP). Zero-touch provisioning enables you to install or upgrade the software on your device with minimal manual intervention.

  [See Zero Touch Provisioning.]

• Support for DHCP option 43 suboption 8 to provide proxy server information in a PHC. During the bootstrapping process, the PHC can access the redirect server or the phone-home server (PHS) through a proxy server. The DHCP server uses DHCP option 43 suboption 8 or DHCP option 17 suboption 8 to deliver the details of both IPv4 and IPv6 proxy servers to the PHC.

  [See Obtaining Configurations and Software Image Without User Intervention Using Phone-Home Client.]

Virtual Chassis

• Support for Virtual Chassis—EX4400-24X switches support Virtual Chassis formation in the HGoE mode. You can connect up to 10 EX4400-24X/EX4400 switches in a Virtual Chassis and manage them as a single device.

  [See EX4400 Switches in a Virtual Chassis.]